Deeplinks Blog posts about Security

Celebrating the First Certificate From Let’s Encrypt

Today we mark an important milestone in our march to encrypt all of the Web: the first-ever certificate issued by Let’s Encrypt.

Let’s Encrypt is a free, automated, open-source certificate authority (CA). The goal is to revolutionize encryption on websites, making HTTPS implementation a seamless, no-cost option for anyone with a domain. Forget about hours (or sometimes days) of muddling through complicated programming to set up encryption on a website, or yearly fees. Let’s Encrypt puts security in the hands of website owners.

Popular Dating Site Has No Love for Strong Security

Back in 2012, EFF first called out OKCupid for failing to safeguard user data by not implementing HTTPS site-wide.

Three years later, OKCupid still hasn’t fixed the problem. For users who haven’t upgraded to paid accounts, their emails, chat sessions, searches, clicked links, pages viewed, and usernames are transmitted over the Internet in unencrypted plaintext, where they can be intercepted and read by anyone on the network.

Earlier this summer, when FBI Director James Comey made his case for backdooring strong encryption, he told us that he wanted to hash out the policy considerations surrounding encryption, law enforcement, and security in public: “Democracies resolve such tensions through robust debate.” This week, we learned that Comey apparently actually meant that he wanted the debate resolved in secret, before a judge known only to the government, by way of a sealed wiretap order.

Update 01/28/16: EFF now controls the Electronicfrontierfoundation.org domain and that URL currently redirects to this blog post. If you arrived at this page via a link in a message that may have been phishing, please let us know and we will investigate.

Yesterday, Manhattan District Attorney Cyrus Vance, Jr. and law enforcement officials from Paris, London, and Madrid published an anti-encryption op-ed in the New York Times—an op-ed that amounts to nothing more than a blatant attempt to use fear mongering to further their anti-privacy, anti-security, and anti-constitutional agenda. They want a backdoor. We want security, privacy, and respect for the Fourth Amendment’s guarantee that we be “secure” in our papers. After all, the Founding Fathers were big users of encryption.